Links

Tuesday, October 14, 2014

Everything You Deed to Know about the Lack of eBook Security in Adobe Digital Editions

Adobe Digital Editions is used by millions of libraries and readers to transfer eBooks to their devices. This can include e-readers, tablets or smartphones. Whenever you add an eBook to the ADE library, information is transferred to the Adobe servers in plain text. The data comprises of your User ID, Device ID, IP address, how long it took you to complete the book and percentage of the book read. Anyone with the correct tools can monitor your reading habits and it doesn’t take much for all of your private information to fall into the wrong hands.

It is important to note what exactly is transpiring when eBook information is sent to Adobe. Many media outlets are incorrectly reporting that all EPUB and PDF books on your computer are being scanned and sent to Adobe. The only books that are affected are the ones you import into Digital Editions for the purposes of sending to your e-reader, smartphone or tablet.

Libraries stand the most to lose from the Adobe Digital Editions firestorm. Chiefly because unless you use a dedicated app from 3M, Overdrive, or Baker & Taylor on your device, you will end up using it to transfer content to your Kindle, Kobo, or Nook. This is a critical piece of software needed to transfer a book borrowed from the library to their device.

The Amazon Kindle is a bit of a different beast than all other e-readers. infoDOCKET's Gary Price noted that whenever a user checks out a library ebook on a Kindle device, Amazon gets access to their reading data as well (per the Kindle terms of use). He added that "the dedication and vigilance to user privacy that the public (both library users and non-users) appreciate from libraries is not the same in the digital world (for many reasons) and we need to do more."

"Sending this information in plain text undermines decades of efforts by libraries and bookstores to protect the privacy of their patrons and customers," Electronic Frontier Foundation Corynne McSherry wrote in a blog post about the issue.

An Adobe spokesperson provided the following statement: “Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers.” Some of these models could include eBook subscription services that pay the author after a certain number of pages are read.

Adobe has announced that they are issuing a patch for the latest version of Adobe Digital Editions. The company noted that “In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue.” It is unclear on what they mean, but likely they will try and improve eBook security so that the transmitted data is not in plain text.